ComboFix 09-05-28.07 - PC 29.05.2009 15:18.6 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.606 [GMT 2:00]
Spuštěný z: c:\documents and settings\PC\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\PC\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090526-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
FILE ::
"c:\documents and settings\PC\Data aplikací\ezpinst.exe"
"c:\windows\Downloaded Program Files\IDropPTB.dll"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\PC\Data aplikací\ezpinst.exe
c:\windows\Downloaded Program Files\IDropPTB.dll
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-04-28 do 2009-05-29 )))))))))))))))))))))))))))))))
.
2009-05-23 18:05 . 2009-05-27 16:48 -------- d-----w c:\program files\Wise Registry Cleaner
2009-05-12 16:01 . 2009-05-12 16:01 -------- d-----w c:\program files\Ashampoo
2009-05-05 15:43 . 2009-05-28 15:42 -------- d-----w c:\program files\Advanced SystemCare 3
2009-05-01 14:16 . 2009-05-01 14:16 -------- d-sh--w c:\documents and settings\PC\PrivacIE
2009-05-01 14:15 . 2009-05-01 14:15 -------- d-sh--w c:\documents and settings\PC\IETldCache
2009-05-01 14:12 . 2009-05-01 14:14 -------- dc-h--w c:\windows\ie8
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-28 15:04 . 2009-04-12 09:57 -------- d-----w c:\program files\Poker
2009-05-27 16:18 . 2009-03-01 16:36 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-27 15:41 . 2008-03-19 13:34 -------- d-----w c:\program files\Avast
2009-05-26 11:20 . 2009-03-01 16:36 40160 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 11:19 . 2009-03-01 16:36 19096 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-24 14:04 . 2008-02-27 13:31 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-19 13:34 . 2009-05-19 13:34 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-05-19 13:34 . 2009-05-19 13:34 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-04-25 09:41 . 2009-03-04 12:29 -------- d-----w c:\program files\K-Lite Codec Pack
2009-04-16 15:39 . 2002-09-23 12:00 514646 ----a-w c:\windows\system32\perfh005.dat
2009-04-16 15:39 . 2002-09-23 12:00 112432 ----a-w c:\windows\system32\perfc005.dat
2009-04-15 14:02 . 2008-06-18 16:22 47360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2009-04-05 06:41 . 2009-02-17 17:46 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-05 06:41 . 2009-04-05 06:41 -------- d-----w c:\program files\Java
2009-03-19 17:38 . 2009-04-14 15:35 7928 ----a-w c:\windows\system32\cnat.exe
2009-03-18 17:54 . 2009-04-14 15:35 39440 ----a-w c:\windows\system32\drivers\csdf.sys
2009-03-18 17:53 . 2009-04-14 15:35 36624 ----a-w c:\windows\system32\drivers\crpf.sys
2009-03-14 17:27 . 2009-03-14 17:27 -------- d-----w c:\windows\Fonts\AdvUninstal
2009-03-10 18:28 . 2008-02-27 13:21 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-03-10 18:28 . 2008-02-27 13:21 2740 ----a-w c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-03-08 02:34 . 2004-08-17 13:49 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 02:34 . 2004-08-17 13:49 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 02:33 . 2004-08-17 13:49 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 02:33 . 2004-08-17 13:49 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 02:32 . 2004-08-17 13:49 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 02:32 . 2004-08-17 13:49 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 02:31 . 2004-08-17 13:49 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 02:31 . 2004-08-17 13:48 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 02:31 . 2004-08-17 13:49 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 02:22 . 2002-09-23 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 18:03 . 2008-09-26 14:11 189072 ----a-w c:\windows\system32\PnkBstrB.exe
2009-03-06 14:23 . 2004-08-17 13:49 284160 ----a-w c:\windows\system32\pdh.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"avast!"="c:\progra~1\Avast\ashDisp.exe" [2009-02-05 81000]
"gemstrmw"="c:\windows\system32\gemstrmw.exe" [2003-08-29 24576]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-11-14 16270848]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Total Commander\\TOTALCMD.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Adobe\\Adobe After Effects CS3\\Support Files\\AfterFX.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12124:TCP"= 12124:TCP:*:Disabled:BitComet 12124 TCP
"12124:UDP"= 12124:UDP:*:Disabled:BitComet 12124 UDP
"18482:TCP"= 18482:TCP:*:Disabled:BitComet 18482 TCP
"18482:UDP"= 18482:UDP:*:Disabled:BitComet 18482 UDP
R0 csdf;cdsf;c:\windows\system32\drivers\csdf.sys [14.4.2009 17:35 39440]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [1.4.2008 15:14 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1.4.2008 15:14 20560]
R3 GEMPC430;GEMPLUS GemPC430 USB Smart Card Reader;c:\windows\system32\drivers\grclass.sys [21.3.2008 21:59 82432]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [9.5.2006 18:27 13824]
S3 NCHSSVAD;SoundTap Recorder;c:\windows\system32\drivers\nchssvad.sys [21.9.2008 14:10 21120]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
SafeBoot-procexp90.Sys
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.idnes.cz/
uInternet Settings,ProxyOverride = *.local
DPF: {1AE23F24-D3E4-4C57-8468-6618B9B8B70F} - hxxps://ib24.csob.cz/Comp/IcaSignerCZ.cab
DPF: {461A37E7-17B3-40E3-B6BB-7CAEC732C9E4} - hxxps://ib24.csob.cz/comp/CSOBEnroll.dll
DPF: {4C3CEE0B-4F2F-44C3-9586-4368F3200143} - hxxp://download.ica.cz/icapki.cab
FF - ProfilePath - c:\documents and settings\PC\Data aplikací\Mozilla\Firefox\Profiles\b5mcnbn1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.pc-help.cz/
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dll
---- NASTAVENÍ FIREFOXU ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-05-29 15:21
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspěšně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="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"
"OODEFRAG11.00.00.01WORKSTATION"="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"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(760)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(568)
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Avast\aswUpdSv.exe
c:\program files\Avast\ashServ.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\scardsvr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Avast\ashWebSv.exe
.
**************************************************************************
.
Celkový čas: 2009-05-29 15:26 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-05-29 13:26
Před spuštěním: Volných bajtů: 190 819 295 232
Po spuštění: Volných bajtů: 190 805 430 272
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
196 --- E O F --- 2009-05-13 12:42